Stolen NSA Hacking Tools For Sale In Bizarre Auction

The hackers who are auctioning off Cyber-weapons allegedly stolen from the National Security Agency are growing annoyed and want cash.

In what Edward Snowden deems “not unprecedented,” hackers calling themselves the Shadow Brokers have collected NSA-created malware from a staging server run by the Equation Group, an internal hacking team. The Shadow Brokers have now published two chunks of data, one “open” chunk and another encrypted file containing the “best files” that they will sell for at least $1 million. Wikileaks has said they already own the “auction” files and will publish them in “due course.”

The ShadowBrokers' sale of the stolen tools has so far generated little interest, the hackers complained in a message posted online, using broken English.

"TheShadowBrokers is not being interested in fame. TheShadowBrokers is selling to be making money," the hackers said. At the outset, their auction only had one substantial bid at 1.5 bitcoins, or $918. Many of the other bids were valued at less than $1. 

The hackers originally dumped a sample of the stolen hacking tools back in mid-August, and independent security experts later found the tools to actually work. The tools include exploits designed to compromise firewall and router products from Cisco, Juniper Networks and Fortinet, and are probably worth a fortune.

The hackers claim they have more Cyber-weapons to sell. However, they've taken the unusual step of offering them up through an open online auction relying on bitcoin.

Although anyone can participate, the hackers haven't said when they'll accept the final bid. The hackers also hoped to receive 1 million bitcoins, or $611 million, in exchange for leaking all they stole for free to the public. The unusual conditions have led some security researchers to suspect the auction is a publicity stunt. But the ShadowBrokers claim in their latest posting that the auction is real, despite "sounding crazy."

"Expert peoples is saying Equation Group Firewall Tool Kit worth $1 million," the group said. "TheShadowBrokers is wanting that $1 million."

They made the auction public to draw in the most bidders and never expected a bid of 1 million bitcoins, they added.  "Anticipate end (to the auction) when reasonable sum raised and bidding stops," the hackers added.

Although the ShadowBrokers are offering no guarantees, they did claim they have many more hacking tools that can target other platforms such as Windows, Linux and mobile devices. The tools up for auction will target one of these platforms and include ways to hack a system remotely and remain a persistent threat, they said. "Value estimated in millions of euros/dollars," the group added. 

It's unclear if the tools are really from the NSA. But the hackers claim to have stolen them from the Equation Group, an elite Cyber-espionage team suspected to work for the US government.

The hackers are hoping that victims and adversaries of the Equation Group will eventually bid on the auction. But the ShadowBrokers appear to be growing impatient. Their posting was also riddled with expletives.  

"TheShadowBrokers is wanting quick end too so be making [expletive] bids," the hackers said. 


TechCrunch:     Computerworld


 

« Overwhelming Cyber Attacks On Healthcare
Dealing With Insider Data Theft »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NuHarbor Security

NuHarbor Security

NuHarbor is a leading information security consulting and advisory firm specializing in Information Security, Compliance, and Risk Management.

Oppida

Oppida

Oppida provides tailored IT security services to help you identify security gaps and assist in finding the most effective remediation.

PKWARE

PKWARE

PKWARE is a global leader in business data security, providing encryption and compression solutions to enterprise customers and government entities around the world.

LIFARS

LIFARS

LIFARS is a global leader in Digital Forensics and Cyber Resiliency Services.

Rwanda Information Society Authority (RISA)

Rwanda Information Society Authority (RISA)

RISA is at the forefront of all ICT project implementation, research, infrastructure and innovation within the ICT sector in Rwanda.

Lirex

Lirex

Lirex offer consulting and outsourcing services, complete design, construction and maintenance of ICT solutions and systems including cybersecurity.

Innovasec

Innovasec

Innovasec provide information security consulting and training services.

SuperCom

SuperCom

SuperCom are a global secure solutions integrator and technology provider for governments and other consumers facing organizations around the world.

Cyvatar

Cyvatar

Cyvatar is a technology-enabled cyber security as a service (CSaaS) provider delivering smarter managed security to help you achieve compliance and security faster and more efficiently.

IronClad Encryption (ICE)

IronClad Encryption (ICE)

Ironclad Encryption is Dynamic Encryption. The encryption sequence changes continuously so there is never a correlation between data sent and data received.

BOXX Insurance

BOXX Insurance

BOXX Insurance Inc. is a new type of insurance company for a new type of risk. Cyberboxx is the first fully-integrated cybersecurity and insurance solution for small-to-medium-sized businesses.

Prophaze Technologies

Prophaze Technologies

Prophaze enable organizations and SaaS providers to improve their web application cybersecurity and reduce costs through AI automation.

PCI Security Standards Council (PCI SSC)

PCI Security Standards Council (PCI SSC)

The PCI Security Standards Council is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments.

ETI-NET

ETI-NET

ETI-NET is the worldwide leader in managing critical data for industries that never stop.

TeamT5

TeamT5

TeamT5 Inc. is a leading cybersecurity company dedicated to cyber threat research and solutions.

Kerberus Cyber Security

Kerberus Cyber Security

Kerberus Cyber Security (formerly MintDefense) is a leading innovator in Web3 user security, dedicated to safeguarding digital assets and transactions through its flagship product, Sentinel3.